FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Wordpress -- multiple vulnerabilities

Affected packages
	fr-wordpress	<	4.7.5,1
	wordpress	<	4.7.5,1
	de-wordpress	<	4.7.5
	ja-wordpress	<	4.7.5
	ru-wordpress	<	4.7.5
	zh-wordpress-zh_CN	<	4.7.5
	zh-wordpress-zh_TW	<	4.7.5

Details

VuXML ID	a5bb7ea0-3e58-11e7-94a2-00e04c1ea73d
Discovery	2017-05-16
Entry	2017-05-21

WordPress versions 4.7.4 and earlier are affected by six security issues

Insufficient redirect validation in the HTTP class.

Improper handling of post meta data values in the XML-RPC API.

Lack of capability checks for post meta data in the XML-RPC API.

A Cross Site Request Forgery (CRSF) vulnerability was discovered in the filesystem credentials dialog.

A cross-site scripting (XSS) vulnerability was discovered related to the Customizer.

[source]

References

URL	https://wordpress.org/news/2017/05/wordpress-4-7-5/